News of Apple's recent patent regarding spying on phone users has made me give some thought to hardware security and access rights. So!

Food for thought: OAuth for hardware controllers. On the iPhone it already exists for the location services in one form: Apps need to be granted access once, and web apps need to be granted each time (within a 24h gap I believe). However, I think that we should be able to give web clients continual access to hardware via permanent yet revocable authorization. What does that sound like to you?

Furthermore, I think things like this should be extended to other hardware features such as the camera and vibrate functions. What it would take would be (from my completely ignorant point of view) a central "API" access point for phones of a given type that could be given to web clients to allow access to hardware features if properly signed.

For example, I'll take RIM since blackberry phones are fairly tied to the RIM network. If I want to get access to John Doe's phone, I should be able to request a secret and consumer key from him for a particular feature and then sign requests to rimissohawt.com/phone/api to get access.

Thoughts? (Linda Lawrey says I should always spiff my posts up if they are long, so here is a funny image for your enjoyment. I like Androids, but I like the Chrome error icon more.)